CISA’s Scanner Identifies Web Services Impacted By Log4j Flaw


The Cybersecurity and Infrastructure Security Agency (CISA) has introduced a Log4j scanner that helps identify web services affected by two Log4j flaws (CVE-2021-44228 and CVE-2021-45046).

The tool, based on an automated scanning framework developed by cybersecurity firm FullHunt, allows security teams to scan network hosts for two things: Log4j RCE exposure, and web application firewall (WAF) bypasses that can allow attackers to execute code within an organization’s network.

Notable features of the Log4j scanner include support for lists of URLs, fuzzing for more than 60 HTTP request headers, fuzzing for HTTP POST data parameters, fuzzing for JSON data parameters, DNS callback support for vulnerability discovery and validation, and WAF bypass payloads.

These, and many more, are among CISA’s efforts to mitigate attacks that result from successful exploitation of the Log4j flaw.

For more information, read the original story in BleepingComputer.


